Corporate America is coming to the realization that the Remote Workforce is going to be with us for a long time to come. With this in mind, CIOs and CISOs are coming up with plans to safeguard all of their digital assets as this new frontier unfolds.

One tool that can help them with this is encryption, and that is the focal point of this article.

What Is Encryption?

Encryption falls under the umbrella of a field known as “Cryptography”. One technical definition of it is as follows:

“Data encryption is a security method where information is encoded and can only be accessed or decrypted by a user with the correct encryption key. Encrypted data, also known as ciphertext, appears scrambled or unreadable to a person or entity accessing without permission.”

(SOURCE:  1).

Put in simpler terms, encryption is the process by which a message is converted into a garbled state that is undecipherable to anyone who does not hold the correct key. The primary reason for doing this is that if the message were to be intercepted by a malicious third party (such as a Cyberattacker), there is really not much that they can do with it. There are some important terms that relate to encryption, and they are as follows:

  • The Plaintext Message:
    This is the actual content that the individual has created and is not scrambled in any way.
  • The Ciphertext:
    This is the plaintext message that has been converted over into a garbled format.
  • The Public Key:
    This is the key that is used to convert the plaintext message into the ciphertext.
  • The Private Key:
    This is the key that is used to take that garbled content and render it into a format that is both decipherable and comprehensible without any difficulty. This process is formally known as “decryption”, which is the opposite of encryption.

It is important to keep in mind that encryption can be used to protect just about any kind of content, but it is most typically used in email applications, from the sender to the receiver, and vice versa.

How Encryption Is Used In M365

If you are sending an Email message in Microsoft Exchange (using Outlook as the email reader), this is the process that is used in M365:

  1. Once the sender has finished composing their email message, it is converted into Ciphertext by making use of a Public Key. This can be done either on their local machine or by the email server that is used to transmit and receive email messages in your business.
  2. This Ciphertext is then transmitted across the network until it reaches the email server of the receiver.
  3. Once it has landed here, the Ciphertext is then transmitted to the device of the receiver. The Ciphertext can be decrypted either by the Email server which has received the Email message, or by Outlook on the receiver’s machine.

The Types of Encryption Services In M365

Although M365 does offer a complete, robust set of encryption services that you can pick a la carte, the following are the three core options that are offered:

  • The Office 365 Message Encryption:
    Also known as “OME”, this is a service that is actually built upon the Azure Rights Management functionality.  With this, you can encrypt email messages to both internal and external parties of your business, and these kinds of messages can be sent to just about any kind of email domain, including those of Gmail, Yahoo, and Outlook.com.
  • The IRM (Information Rights Management):
    This is a more specialized type of encryption in that various usage restrictions can be applied to the particular email message that is being transmitted.  For example, it can prevent confidential information/data from being forwarded, CC’d/BCC’d, and even being printed by individuals that are not authorized to view the contents of that message.
  • S/MIME:
    This is an encryption protocol that resides within M365 itself. With this mechanism, the Email message is not only encrypted but also digitally signed, so that the authenticity and legitimacy of the sender can be confirmed by the receiver of that message.
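
The roles of the Public Key and Private Key described above, and the sign-and-encrypt behaviour of S/MIME, can be reproduced outside of Outlook with the OpenSSL command line. This is an added example, not part of the original article or of M365; the names alice, bob and eve, the example.test addresses and the message text are constructed, and the certificates are throwaway self-signed ones.

```shell
#!/bin/sh
# Added example: S/MIME sign-then-encrypt with throwaway self-signed certificates.
# alice = sender, bob = intended receiver, eve = a party the mail was NOT encrypted for.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_identity() {   # $1 = file prefix, $2 = mailbox address (constructed)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

send_smime() {      # $1 = plaintext file, $2 = ciphertext output file
  # The sender signs with the sender's own private key ...
  openssl smime -sign -text -in "$1" \
    -signer "$WORK/alice.crt" -inkey "$WORK/alice.key" -out "$WORK/signed.eml" &&
  # ... then encrypts the signed message to the receiver's certificate (public key).
  openssl smime -encrypt -aes256 -in "$WORK/signed.eml" -out "$2" "$WORK/bob.crt"
}

receive_smime() {   # $1 = ciphertext file, $2 = prefix of the identity opening it
  # Decryption needs the private key that matches the certificate used to encrypt.
  openssl smime -decrypt -in "$1" -recip "$WORK/$2.crt" -inkey "$WORK/$2.key" \
    -out "$WORK/$2.inner.eml" 2>/dev/null &&
  # The signature is then checked against the sender's certificate.
  openssl smime -verify -text -in "$WORK/$2.inner.eml" -CAfile "$WORK/alice.crt" \
    -out "$WORK/$2.txt" 2>/dev/null &&
  tr -d '\r' < "$WORK/$2.txt"    # S/MIME canonicalises line endings to CRLF
}

make_identity alice alice@example.test
make_identity bob   bob@example.test
make_identity eve   eve@example.test
printf 'Q3 payroll figures attached.\n' > "$WORK/plain.txt"
send_smime "$WORK/plain.txt" "$WORK/mail.p7m"

receive_smime "$WORK/mail.p7m" bob                      # prints the plaintext
receive_smime "$WORK/mail.p7m" eve || echo "eve: cannot decrypt"
```

The signed-only file still contains the readable text, which is why the encryption step follows the signing step before anything leaves the sender.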

How to Encrypt & Decrypt Email Messages In M365

Using the encryption tools in M365 is a very simple process, and all that is required is just a few clicks of the mouse.  Here is the process that you need to follow, assuming that you are making use of the Outlook client:

  1. To start the encryption process:
    1. Go to the “Options” tab;
    2. Click on “Permission”:

      (SOURCE:  2).

  2. To encrypt the Email message:
    1. After you have clicked on the “Permission” tab, a “Change Permissions” dialog will then appear;
    2. Choose “Encrypt” from the various options that are available:
      (SOURCE:  2).
  3. Once the receiver has received your encrypted email message, all he or she needs to do at this point is click on “Read The Message”, as illustrated below:

    (SOURCE:  2).

Conclusions

At the present time, M365 encryption tools are available with both the E3 and E5 licensing plans. If by chance you have a lower-level plan and want to make use of M365 encryption, then you have to procure the “Azure Information Protection” license for each employee in your business. If you are new to M365 and need help with all of this, contact us today!

Sources

  1. https://www.forcepoint.com/cyber-edu/data-encryption
  2. https://blog.netwrix.com/2018/12/13/how-to-configure-and-manage-office-365-message-encryption/
  3. https://docs.microsoft.com/en-us/microsoft-365/compliance/email-encryption?view=o365-worldwide